Spear phishing attacks already targeting Pyeongchang Olympic Games

Hackers are already targeting the Pyeongchang Olympic Games with spear phishing attacks aimed at stealing sensitive or financial information.

Security researchers from McAfee reported hackers are already targeting Pyeongchang Olympic Games, many organizations associated with the event had received spear phishing messages.

Most of the targeted organizations is involved with the Olympics either in providing infrastructure or in a supporting role.

“Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”).” reported McAfee.

“The primary target of the email was icehockey@pyeongchang2018.com, with several organizations in South Korea on the BCC line. The majority of these organizations had some association with the Olympics, either in providing infrastructure or in a supporting role.”

The campaigns have begun on December 22, attackers used spoofed messages that pretend to come from South Korea’s National Counter-Terrorism Center.

The hackers spoofed the message to appear to be from info@nctc.go.kr, which is the National Counter-Terrorism Center (NCTC) in South Korea, the analysis revealed the email was sent from an address in Singapore and referred alleged antiterror drills in the region in preparation for the Olympic Games.

Attackers attempt to trick victims into opening a document in Korean titled “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.”

Initially, the malware was embedded into the malicious document as a hypertext application (HTA) file, then threat actors started hiding the malicious code in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script. Researchers also noted that attackers wrote a custom PowerShell code to decode the hidden image and launch the malware.